Fwd: Authentication with Happstack

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: Authentication with Happstack

Corentin Dupont

Hi guys,
I'm starting to use Servant, really nice!

I'm making a REST API for an existing application (Nomyx).
https://github.com/cdupont/Nomyx/issues/116
The application already has an authentication system using Happstack-Authenticate.
AFAIK, Happstack-Authenticate identify users with tokens that are stored in cookies.

How can this interact with Servant? I'd like the users to identify with the web interface (login/password) and then to be able to use the both the web interface and the REST API.
With Servant I'd like to use another web server (not Happstack), such as WAI.

Thanks for the help!
Corentin


--
Reply | Threaded
Open this post in threaded view
|

Re: Authentication with Happstack

Sönke Hahn
Hi Corentin,

not sure, but it sounds like you're planning to run your happstack app and the servant app separately on different ports. Can you have an endpoint in the happstack app (say '/api') that is protected by the happstack auth mechanism and that proxies to the servant app? And make sure the servant app is not otherwise publicly accessible? Then servant wouldn't have to worry about authentication at all.

Cheers,
Sönke

On Mon, May 2, 2016 at 10:26 PM, Corentin Dupont <[hidden email]> wrote:

Hi guys,
I'm starting to use Servant, really nice!

I'm making a REST API for an existing application (Nomyx).
https://github.com/cdupont/Nomyx/issues/116
The application already has an authentication system using Happstack-Authenticate.
AFAIK, Happstack-Authenticate identify users with tokens that are stored in cookies.

How can this interact with Servant? I'd like the users to identify with the web interface (login/password) and then to be able to use the both the web interface and the REST API.
With Servant I'd like to use another web server (not Happstack), such as WAI.

Thanks for the help!
Corentin


--

--
Reply | Threaded
Open this post in threaded view
|

Re: Authentication with Happstack

Corentin Dupont
Great idea!
I thought that both web server and API server could "tap" in the same authentication database.
But proxying one throught the other is definitely simpler!

On Tue, May 3, 2016 at 11:23 AM, Sönke Hahn <[hidden email]> wrote:
Hi Corentin,

not sure, but it sounds like you're planning to run your happstack app and the servant app separately on different ports. Can you have an endpoint in the happstack app (say '/api') that is protected by the happstack auth mechanism and that proxies to the servant app? And make sure the servant app is not otherwise publicly accessible? Then servant wouldn't have to worry about authentication at all.

Cheers,
Sönke

On Mon, May 2, 2016 at 10:26 PM, Corentin Dupont <[hidden email]> wrote:

Hi guys,
I'm starting to use Servant, really nice!

I'm making a REST API for an existing application (Nomyx).
https://github.com/cdupont/Nomyx/issues/116
The application already has an authentication system using Happstack-Authenticate.
AFAIK, Happstack-Authenticate identify users with tokens that are stored in cookies.

How can this interact with Servant? I'd like the users to identify with the web interface (login/password) and then to be able to use the both the web interface and the REST API.
With Servant I'd like to use another web server (not Happstack), such as WAI.

Thanks for the help!
Corentin


--


--
Reply | Threaded
Open this post in threaded view
|

Re: Authentication with Happstack

Corentin Dupont
In reply to this post by Sönke Hahn
More detailed answer:

On Tue, May 3, 2016 at 11:23 AM, Sönke Hahn <[hidden email]> wrote:
Hi Corentin,

not sure, but it sounds like you're planning to run your happstack app and the servant app separately on different ports.
yes it's the case
 
Can you have an endpoint in the happstack app (say '/api') that is protected by the happstack auth mechanism and that proxies to the servant app?

Not sure how to proxy... Some sort of address translation/port forwarding?
Should I make a 303 "see other" redirect?
Say the web address is foo.com:80 and api serving is localhost:8888
Only port 80 should be open on the firewall...
I'm not sure how I can configure happstack to forward requests on /api to this other server...

 
And make sure the servant app is not otherwise publicly accessible? Then servant wouldn't have to worry about authentication at all.

Cheers,
Sönke

On Mon, May 2, 2016 at 10:26 PM, Corentin Dupont <[hidden email]> wrote:

Hi guys,
I'm starting to use Servant, really nice!

I'm making a REST API for an existing application (Nomyx).
https://github.com/cdupont/Nomyx/issues/116
The application already has an authentication system using Happstack-Authenticate.
AFAIK, Happstack-Authenticate identify users with tokens that are stored in cookies.

How can this interact with Servant? I'd like the users to identify with the web interface (login/password) and then to be able to use the both the web interface and the REST API.
With Servant I'd like to use another web server (not Happstack), such as WAI.

Thanks for the help!
Corentin


--


--
Reply | Threaded
Open this post in threaded view
|

Re: Authentication with Happstack

Sönke Hahn
Hi Corentin,

On Tuesday, May 3, 2016 at 9:36:22 PM UTC+8, Corentin Dupont wrote:
Not sure how to proxy... Some sort of address translation/port forwarding?

What I was thinking of is called a reverse proxy: https://en.wikipedia.org/wiki/Reverse_proxy

The basic idea is that the happstack app will

- receive a request on '/api',
- then in turn relay that request to the servant app,
- wait for the response and
- send the response back to the client.

This all is (mostly?) invisible to the client.
 
Should I make a 303 "see other" redirect?

No, that won't work. A 3xx status code tells the client to send a request to another url. Which would then have to be publicly accessible over the internet. Which is contrary to this idea.
 
I'm not sure how I can configure happstack to forward requests on /api to this other server...

Me neither, I've never worked with happstack. (But the google results for 'happstack reverse proxy' look promising.)

Cheers,
Sönke


--